Table Of Contents

urgent-flag through write terminal Commands

urgent-flag

url

url-block

url-cache

url-list

url-list (webvpn)

url-server

user-authentication

user-authentication-idle-timeout

username

username attributes

username-prompt

user-parameter

virtual http

virtual telnet

vlan

vpn-access-hours

vpn-addr-assign

vpn-filter

vpn-framed-ip-address

vpn-framed-ip-netmask

vpn-group-policy

vpn-idle-timeout

vpn load-balancing

vpn-sessiondb logoff

vpn-sessiondb max-session-limit

vpn-sessiondb max-webvpn-session-limit

vpn-session-timeout

vpn-simultaneous-logins

vpn-tunnel-protocol

web-agent-url

web-applications

web-bookmarks

webvpn (group-policy and username modes)

who

window-variation

wins-server

write erase

write memory

write net

write standby

write terminal

urgent-flag through write terminal Commands

---

urgent-flag

To allow or clear the URG pointer through the TCP normalizer, use the urgent-flag command in tcp-map configuration mode. To remove this specification, use the no form of this command.

urgent-flag {allow | clear}

no urgent-flag {allow | clear}

Syntax Description

allow	Allows the URG pointer through the TCP normalizer.
clear	Clears the URG pointer through the TCP normalizer.

Defaults

The urgent flag and urgent offset are clear by default.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Tcp-map configuration	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

The tcp-map command is used along with the Modular Policy Framework infrastructure. Define the class of traffic using the class-map command and customize the TCP inspection with tcp-map commands. Apply the newTCP map using the policy-map command. Activate TCP inspection with service-policy commands.

Use the tcp-map command to enter tcp-map configuration mode. Use the urgent-flag command in tcp-map configuration mode to allow the urgent flag.

The URG flag is used to indicate that the packet contains information that is of higher priority than other data within the stream. The TCP RFC is vague about the exact interpretation of the URG flag, therefore, end systems handle urgent offsets in different ways, which may make the end system vulnerable to attacks. The default behavior is to clear the URG flag and offset.

Examples

The following example shows how to allow the urgent flag:

hostname(config)# tcp-map tmap

hostname(config-tcp-map)# urgent-flag allow

hostname(config)# class-map cmap

hostname(config-cmap)# match port tcp eq 513

hostname(config)# policy-map pmap

hostname(config-pmap)# class cmap

hostname(config-pmap)# set connection advanced-options tmap

hostname(config)# service-policy pmap global

Related Commands

Command	Description
class	Specifies a class map to use for traffic classification.
policy-map	Configures a policy; that is, an association of a traffic class and one or more actions.
set connection	Configures connection values.
tcp-map	Creates a TCP map and allows access to tcp-map configuration mode.

url

To maintain the list of static URLs for retrieving CRLs, use the url command in crl configure configuration mode. The crl configure configuration mode is accessible from the crypto ca trustpoint configuration mode. To delete an existing URL, use the no form of this command.

url index url

no url index url

Syntax Description

index	Specifies a value from 1 to 5 that determines the rank of each URL in the list. The security appliance tries the URL at index 1 first.
url	Specifies the URL from which to retrieve the CRL.

Defaults

No default behaviors or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
CRL configure configuration	•	—	•	—	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

You cannot overwrite existing URLs. To replace an existing URL, first delete it using the no form of this command.

Examples

The following example enters ca-crl configuration mode, and sets up an index 3 for creating and maintaining a list of URLs for CRL retrieval and configures the URL https://foobin.com from which to retrieve CRLs:

hostname(configure)# crypto ca trustpoint central

hostname(ca-trustpoint)# crl configure

hostname(ca-crl)# url 3 https://foobin.com

hostname(ca-crl)# 

Related Commands

Command	Description
crl configure	Enters ca-crl configuration mode.
crypto ca trustpoint	Enters trustpoint configuration mode.
policy	Specifies the source for retrieving CRLs.

url-block

The url-block commands can be used to manage the URL buffers used for web server responses while waiting for a filtering decision from the filtering server. The url-block commands are also used to manage filtering of long URLs. To remove the configuration, use the no form of this command.

url-block block block_buffer_limit

no url-block block block_buffer_limit

Websense only:

url-block url-mempool memory_pool_size

no url-block url-mempool memory_pool_siz

The numeric parameters for the url-block command are lower in multi-context mode than in single-context mode. For example:

Single-context:

url-block block block_buffer_limit—max is 128

url-block url-mempool memory_pool_size—max is 10240

Multi-context:

url-block block block_buffer_limit—max is 16

url-block url-mempool memory_pool_size—max is 512

Syntax Description

block block_buffer_limit	Creates an HTTP response buffer to store web server responses while waiting for a filtering decision from the filtering server. The permitted values are from 0 to 128, which specifies the number of 1550-byte blocks.
url-mempool memory_pool_size	For Websense URL filtering only. The size of the URL buffer memory pool in Kilobytes (KB). The permitted values are from 2  to 10240, which specifies a URL buffer memory pool from 2 KB to 10240 KB. Note This is not supported on the UDP transport servers.
url-size long_url_size	For Websense URL filtering only. The maximum allowed URL size in KB. The permitted values are 2, 3, or 4, which specifies a maximum URL size of 2 KB, 3 KB, or 4KB. Note This is not supported on the UDP transport servers.

Defaults

This command is disabled by default.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	•

Command History

Release	Modification
Preexisting	This command was preexisting.

Usage Guidelines

For Websense filtering servers, the url-block url-size command allows filtering of long URLs, up to 4 KB. For both Websense and N2H2 filtering servers, the url-block block command causes the security appliance to buffer packets received from a web server in response to a web client request while waiting for a response from the URL filtering server. This improves performance for the web client compared to the default security appliance behavior, which is to drop the packets and to require the web server to retransmit the packets if the connection is permitted.

If you use the url-block block command and the filtering server permits the connection, the security appliance sends the blocks to the web client from the HTTP response buffer and removes the blocks from the buffer. If the filtering server denies the connection, the security appliance sends a deny message to the web client and removes the blocks from the HTTP response buffer.

Use the url-block block command to specify the number of blocks to use for buffering web server responses while waiting for a filtering decision from the filtering server.

Use the url-block url-size command with the url-block url-mempool command to specify the maximum length of a URL to be filtered by a Websense filtering server and the maximum memory to assign to the URL buffer. Use these commands to pass URLs longer than 1159 bytes, up to a maximum of 4096 bytes, to the Websense server. The url-block url-size command stores URLs longer than 1159 bytes in a buffer and then passes the URL to the Websense server (through a TCP packet stream) so that the Websense server can grant or deny access to that URL.

Examples

The following example assigns 56 1550-byte blocks for buffering responses from the URL filtering server:

hostname#(config)# url-block block 56

Related Commands

Commands	Description
clear url-block block statistics	Clears the block buffer usage counters.
filter url	Directs traffic to a URL filtering server.
show url-block	Displays information about the URL cache, which is used for buffering URLs while waiting for responses from an N2H2 or Websense filtering server.
url-cache	Enables URL caching while pending responses from an N2H2 or Websense server and sets the size of the cache.
url-server	Identifies an N2H2 or Websense server for use with the filter command.

url-cache

To enable URL caching for URL responses received from an N2H2 or Websense server and to set the size of the cache, use the url-cache command in global configuration mode. To remove the configuration, use the no form of this command.

url-cache {dst |   src_dst} kbytes [kb]

no url-cache {dst |   src_dst} kbytes [kb]

Syntax Description

dst	Cache entries based on the URL destination address. Select this mode if all users share the same URL filtering policy on the N2H2 or Websense server.
size kbytes	Specifies a value for the cache size within the range 1 to 128 KB.
src_dst	Cache entries based on the both the source address initiating the URL request as well as the URL destination address. Select this mode if users do not share the same URL filtering policy on the N2H2 or Websense server.
statistics	Use the statistics option to display additional URL cache statistics, including the number of cache lookups and hit rate.

Defaults

This command is disabled by default.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	•

Command History

Release	Modification
Preexisting	This command was preexisting.

Usage Guidelines

The url-cache command provides a configuration option to cache responses from the URL server.

Use the url-cache command to enable URL caching, set the size of the cache, and display cache statistics.

Caching stores URL access privileges in memory on the security appliance. When a host requests a connection, the security appliance first looks in the URL cache for matching access privileges instead of forwarding the request to the N2H2 or Websense server. Disable caching with the no url-cache command.

---

Note If you change settings on the N2H2 or Websense server, disable the cache with the no url-cache command and then re-enable the cache with the url-cache command.

---

Using the URL cache does not update the Websense accounting logs for Websense protocol Version 1. If you are using Websense protocol Version 1, let Websense run to accumulate logs so you can view the Websense accounting information. After you get a usage profile that meets your security needs, enable url-cache to increase throughput. Accounting logs are updated for Websense protocol Version 4 and for N2H2 URL filtering while using the url-cache command.

Examples

The following example caches all outbound HTTP connections based on the source and destination addresses:

hostname(config)# url-cache src_dst 128

Related Commands

Commands	Description
clear url-cache statistics	Removes url-cache command statements from the configuration.
filter url	Directs traffic to a URL filtering server.
show url-cache statistics	Displays information about the URL cache, which is used for URL responses received from an N2H2 or Websense filtering server.
url-server	Identifies an N2H2 or Websense server for use with the filter command.

url-list

To configure a set of URLs for WebVPN users to access, use the url-list command in global configuration mode. To configure a list with multiple URLs, use this command with the same listname multiple times, once for each URL. To remove an entire configured list, use the no url-list listname command. To remove a configured URL, use the no url-list listname url command.

To configure multiple lists, use this command multiple times, assigning a unique listname to each list.

url-list {listname displayname url}

no url-list listname

no url-list listname url

Syntax Description

displayname	Provides the text that displays on the WebVPN end user interface to identify the URL. Maximum 64 characters. The displayname must be unique for a given list. Spaces are allowed.
listname	Groups the set of URLs that WebVPN users can access. Maximum 64 characters. Maximum 64 characters. Semi-colons (;) ampersands (&), and less-than (<) characters are not allowed.
url	Specifies the link. Supported URL types are http, https and cifs.

Defaults

There is no default URL list.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration mode	•	—	•	—	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

You use the url-list command in global configuration mode to create one or more lists of URLs. To allow access to the URLs in a list for a specific group policy or user, use the listname you create here with the url-list command in webvpn mode.

Examples

The following example shows how to create a URL list called Marketing URLs that provides access to www.cisco.com, www.example.com, and www.example.org. The following table provides values that the example uses for each application.

listname	displayname	url
Marketing URLs	Cisco Systems	http://www.cisco.com
Marketing URLs	Example Company, Inc.	http://www.example.com
Marketing URLs	Example Organization	http://www.example.org

hostname(config)# url-list Marketing URLs Cisco Systems http://www.cisco.com

hostname(config)# url-list Marketing URLs Example Company, Inc. http://www.example.com

hostname(config)# url-list Marketing URLs Example Organization http://www.example.org

Related Commands

Command	Description
clear configuration url-list	Removes all url-list commands from the configuration. If you include the listname, the security appliance removes only the commands for that list.
url-list	Use this command in webvpn mode to permit a group policy or user to access a previously configured list of urls.
show running-configuration url-list	Displays the current set of configured urls.
webvpn	Use in group-policy configuration mode or in username configuration mode. Lets you enter webvpn mode to configure parameters that apply to group policies or usernames.
webvpn	Use in global configuration mode. Lets you configure global settings for WebVPN.

url-list (webvpn)

To apply a list of WebVPN servers and URLs to a particular user or group policy, use the url-list command in group-policy webvpn configuration mode or in username webvpn configuration mode. To remove a list, including a null value created by using the url-list none command, use the no form of this command. The no option allows inheritance of a value from another group policy. To prevent inheriting a url list, use the url-list none command. Using the command a second time overrides the previous setting.

url-list {value name | none} [index]

no url-list

Syntax Description

index	Indicates the display priority on the home page.
none	Sets a null value for url lists. Prevents inheriting a list from a default or specified group policy.
value name	Specifies the name of a previously configured list of urls. To configure such a list, use the url-list command in global configuration mode.

Defaults

There is no default URL list.

Command Modes

The following table shows the modes in which you enter the commands:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Webvpn mode	•	—	•	—	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

Using the command a second time overrides the previous setting.

Before you can use the url-list command in webvpn mode to identify a URL list that you want to display on the WebVPN home page for a user or group policy, you must create the list. Use the url-list command in global configuration mode to create one or more lists.

Examples

The following example applies a URL list called FirstGroupURLs for the group policy named FirstGroup and assigns it first place among the URL lists:

hostname(config)# group-policy FirstGroup attributes

hostname(config-group-policy)# webvpn

hostname(config-group-webvpn)# url-list value FirstGroupURLs 1

Related Commands

Command	Description
clear configure url-list [listname]	Removes all url-list commands from the configuration. If you include the listname, the security appliance removes only the commands for that list.
show running-configuration url-list	Displays the current set of configured url-list commands.
url-list	Use this command in webvpn mode, which you access in global configuration mode, to configure the set of URLs that WebVPN users can access.
webvpn	Lets you enter webvpn mode. This can be webvpn configuration mode, group-policy webvpn configuration mode (to configure webvpn settings for a specific group policy), or username webvpn configuration mode (to configure webvpn settings for a specific user).

url-server

To identify an N2H2 or Websense server for use with the filter command, use the url-server command in global configuration mode. To remove the configuration, use the no form of this command.

N2H2

url-server (if_name) vendor n2h2 host local_ip [port number] [timeout seconds] [protocol {TCP | UDP [connections num_conns]}]

no url-server (if_name) vendor n2h2 host local_ip [port number] [timeout seconds] [protocol {TCP | UDP [connections num_conns]}]

Websense

url-server (if_name) vendor websense host local_ip [timeout seconds] [protocol {TCP | UDP | connections num_conns] | version]

no url-server (if_name) vendor websense host local_ip [timeout seconds] [protocol {TCP | UDP [connections num_conns] | version]

Syntax Description

N2H2

connections	Limits the maximum number of TCP connections permitted.
num_conns	Specifies the maximum number of TCP connections created from the security appliance to the URL server. Since this number is per server, different servers can have different connection values.
host local_ip	The server that runs the URL filtering application.
if_name	(Optional) The network interface where the authentication server resides. If not specified, the default is inside.
port number	The N2H2 server port. The security appliance also listens for UDP replies on this port. The default port number is 4005.
protocol	The protocol can be configured using TCP or UDP keywords. The default is TCP.
timeout seconds	The maximum idle time permitted before the security appliance switches to the next server you specified. The default is 30 seconds.
vendor n2h2	Indicates URL filtering service vendor is N2H2.

Websense

connections	Limits the maximum number of TCP connections permitted.
num_conns	Specifies the maximum number of TCP connections created from the security appliance to the URL server. Since this number is per server, different servers can have different connection values.
host local_ip	The server that runs the URL filtering application.
if_name	The network interface where the authentication server resides. If not specified, the default is inside.
timeout seconds	The maximum idle time permitted before the security appliance switches to the next server you specified. The default is 30 seconds.
protocol	The protocol can be configured using TCP or UDP keywords. The default is TCP protocol, Version 1.
vendor websense	Indicates URL filtering service vendor is Websense.
version	Specifies protocol Version 1 or 4. The default is TCP protocol Version 1. TCP can be configured using Version 1 or Version 4. UDP can be configured using Version 4 only.

Defaults

This command is disabled by default.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	•

Command History

Release	Modification
Preexisting	This command was preexisting.

Usage Guidelines

The url-server command designates the server running the N2H2 or Websense URL filtering application. The limit is 16 URL servers in single context mode and 4 URL servers in multi mode; however, and you can use only one application at a time, either N2H2 or Websense. Additionally, changing your configuration on the security appliance does not update the configuration on the application server; this must be done separately, according to the vendor instructions.

The url-server command must be configured before issuing the filter command for HTTPS and FTP. If all URL servers are removed from the server list, then all filter commands related to URL filtering are also removed.

Once you designate the server, enable the URL filtering service with the filter url command.

Use the show url-server statistics command to view server statistic information including unreachable servers.

Follow these steps to filter URLs:

---

Step 1 Designate the URL filtering application server with the appropriate form of the vendor-specific url-server command.

Step 2 Enable URL filtering with the filter command.

Step 3 (Optional) Use the url-cache command to enable URL caching to improve perceived response time.

Step 4 (Optional) Enable long URL and HTTP buffering support using the url-block command.

Step 5 Use the show url-block block statistics, show url-cache statistics, or the show url-server statistics commands to view run information.

For more information about Filtering by N2H2, visit N2H2's website at:

http://www.n2h2.com

For more information on Websense filtering services, visit the following website:

http://www.websense.com/

---

Examples

Using N2H2, the following example filters all outbound HTTP connections except those from the 10.0.2.54 host:

hostname(config)# url-server (perimeter) vendor n2h2 host 10.0.1.1

hostname(config)# filter url http 0 0 0 0

hostname(config)# filter url except 10.0.2.54 255.255.255.255 0 0

Using Websense, the following example filters all outbound HTTP connections except those from the 10.0.2.54 host:

hostname(config)# url-server (perimeter) vendor websense host 10.0.1.1 protocol TCP 
version 4

hostname(config)# filter url http 0 0 0 0

hostname(config)# filter url except 10.0.2.54 255.255.255.255 0 0

Related Commands

Commands	Description
clear url-server	Clears the URL filtering server statistics.
filter url	Directs traffic to a URL filtering server.
show url-block	Displays information about the URL cache, which is used for URL responses received from an N2H2 or Websense filtering server.
url-cache	Enables URL caching while pending responses from an N2H2 or Websense server and sets the size of the cache.

user-authentication

To enable user authentication, use the user-authentication enable command in group-policy configuration mode. To disable user authentication, use the user-authentication disable command. To remove the user authentication attribute from the running configuration, use the no form of this command. This option allows inheritance of a value for user authentication from another group policy.

When enabled, user authentication requires that individual users behind a hardware client authenticate to gain access to the network across the tunnel.

user-authentication {enable | disable}

no user-authentication

Syntax Description

disable	Disables user authentication.
enable	Enables user authentication.

Defaults

User authentication is disabled.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Group-policy	•	—	•	—	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

Individual users authenticate according to the order of authentication servers that you configure.

If you require user authentication on the primary security appliance, be sure to configure it on any backup servers as well.

Examples

The following example shows how to enable user authentication for the group policy named "FirstGroup":

hostname(config)# group-policy FirstGroup attributes

hostname(config-group-policy)# user-authentication enable

Related Commands

Command	Description
ip-phone-bypass	Lets IP phones connect without undergoing user authentication. Secure unit authentication remains in effect.
leap-bypass	Lets LEAP packets from wireless devices behind a VPN client travel across a VPN tunnel prior to user authentication, when enabled. This lets workstations using Cisco wireless access point devices establish LEAP authentication. Then they authenticate again per user authentication.
secure-unit-authentication	Provides additional security by requiring the VPN client to authenticate with a username and password each time the client initiates a tunnel.
user-authentication-idle-timeout	Sets an idle timeout for individual users. If there is no communication activity on a user connection in the idle timeout period, the security appliance terminates the connection.

user-authentication-idle-timeout

To set an idle timeout for individual users behind hardware clients, use the user-authentication-idle-timeout command in group-policy configuration mode. To delete the idle timeout value, use the no form of this command. This option allows inheritance of an idle timeout value from another group policy. To prevent inheriting an idle timeout value, use the user-authentication-idle-timeout none command.

If there is no communication activity by a user behind a hardware client in the idle timeout period, the security appliance terminates the connection.

user-authentication-idle-timeout {minutes | none}

no user-authentication-idle-timeout

Syntax Description

minutes	Specifies the number of minutes in the idle timeout period. The range is from 1 through 35791394 minutes
none	Permits an unlimited idle timeout period. Sets idle timeout with a null value, thereby disallowing an idle timeout. Prevents inheriting an user authentication idle timeout value from a default or specified group policy.

Defaults

30 minutes.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Group-policy	•	—	•	—	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

The minimum is 1 minute, the default is 30 minutes, and the maximum is 10,080 minutes.

Examples

The following example shows how to set an idle timeout value of 45 minutes for the group policy named "FirstGroup":

hostname(config)# group-policy FirstGroup attributes

hostname(config-group-policy)# user-authentication-idle-timeout 45

Related Commands

Command	Description
user-authentication	Requires users behind hardware clients to identify themselves to the security appliance before connecting.

username

To add a user to the security appliance database, enter the username command in global configuration mode. To remove a user, use the no version of this command with the username you want to remove. To remove all usernames, use the no version of this command without appending a username.

username {name} {nopassword | password password [encrypted]} [privilege priv_level]}

no username [name]

Syntax Description

encrypted	Indicates that the password is encrypted.
name	Provides the name of the user.
nopassword	Indicates that this user needs no password.
password password	Indicates that this user has a password, and provides the password.
privilege priv_level	Sets a privilege level for this user. The range is from 0 to 15, with lower numbers having less ability to use commands and administer the security appliance. The default privilege level is 2. The typical privilege level for a system administrator is 15.

Defaults

By default, VPN users that you add with this command have no attributes or group policy association. You must configure all values explicitly.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	—	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

The internal user authentication database consists of the users entered with the username command. The login command uses this database for authentication.

Use the username attributes command to enter config-username mode, in which you can configure any of the following attributes:

Attribute	Function
group-lock	Name an existing tunnel-group with which the user is required to connect.
password-storage	Enables/disables storage of the login password on the client system.
vpn-access-hours	Specifies the name of a configured time-range policy.
vpn-filter	Specifies the name of a user-specific ACL
vpn-framed-ip-address	Specifies the IP address and the net mask to be assigned to the client.
vpn-group-policy	Specifies the name of a group-policy from which to inherit attributes.
vpn-idle-timeout	Specifies the idle timeout period in minutes, or none to disable.
vpn-session-timeout	Specifies the maximum user connection time in minutes, or none for unlimited time.
vpn-simultaneous-logins	Specifies the maximum number of simultaneous logins allowed.
vpn-tunnel-protocol	Specifies permitted tunneling protocols.
webvpn	Enters webvpn mode, in which you configure webvpn attributes.

Examples

The following example shows how to configure a user named "anyuser" with a n encrypted password of 12345678 and a privilege level of 12:

hostname(config)# username anyuser password 12345678 encrypted privilege 12

Related Commands

Command	Description
clear config username	Clears the configuration for a particular user or for all users.
show running-config username	Displays the running configuration for a particular user or for all users.
username attributes	Enters username attributes mode, which lets you configure attributes for specific users.
webvpn	Enters config-group-webvpn mode, in which you can configure the WebVPN attributes for the specified group.

username attributes

To enter the username attributes mode, use the username attributes command in username configuration mode. To remove all attributes for a particular user, use the no form of this command and append the username. To remove all attributes for all users, use the